CVE-2018-20815

A heap buffer overflow issue was found in the loaddevicetree function of QEMU, which is invoked to load a device tree blob at boot time. It occurs due to device tree size manipulation before buffer allocation, which could overflow a signed int type. A user/process could use this flaw to potential...

CVE-2008-0785

Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the 1 graphlist parameter to graphview.php, 2 leafid and id parameters to tree.php, 3 localgraphid parameter to graphxport.php, and 4...

UBUNTU-CVE-2019-17178

HuffmanTreemakeFromFrequencies in lodepng.c in LodePNG through 2019-09-28, as used in WinPR in FreeRDP and other products, has a memory leak because a supplied realloc pointer i.e., the first argument to realloc is also used for a realloc return value...

Amazon Linux AMI : nghttp2 (ALAS-2019-1298) (Data Dribble) (Resource Loop)

Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority ...

CVE-2019-17063

In Snowtide PDFxStream before 3.7.1 for Java, a crafted PDF file can trigger an extremely long running computation because of page-tree mishandling...

Code injection

In Snowtide PDFxStream before 3.7.1 for Java, a crafted PDF file can trigger an extremely long running computation because of page-tree mishandling...

CVE-2019-17063

In Snowtide PDFxStream before 3.7.1 for Java, a crafted PDF file can trigger an extremely long running computation because of page-tree mishandling...

Node.js third-party modules: [tree-kill] RCE via insecure command concatenation (only Windows)

I would like to report a RCE issue in the tree-kill module. It allows to execute arbitrary commands remotely inside the victim's PC Module module name: tree-kill version: 1.2.1 npm page: https://www.npmjs.com/package/tree-kill Module Description Kill all processes in the process tree, including t...

EulerOS 2.0 SP3 : openssl1.1.0f (EulerOS-SA-2019-2005)

According to the version of the openssl1.1.0f packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - OpenSSL has internal defaults for a directory tree where it can find a configuration file as well as certificates used for verification in...

Fedora Update for jackson-databind FEDORA-2019-ae6a703b8f

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Fedora Update for jackson-databind FEDORA-2019-fb23eccc03

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

[SECURITY] Fedora 30 Update: jackson-databind-2.9.9.3-1.fc30

The general-purpose data-binding functionality and tree-model for Jackson D ata Processor. It builds on core streaming parser/generator package, and uses Jackson Annotations for configuration...

GnuCOBOL buffer overflow vulnerability (CNVD-2019-32488)

GnuCOBOL is a COBOL language compiler. A buffer overflow vulnerability exists in the 'cbname' function of the cobc/tree.c file in GnuCOBOL version 2.2, which can be exploited by an attacker to cause a buffer overflow or heap overflow...

UBUNTU-CVE-2019-16395

GnuCOBOL 2.2 has a stack-based buffer overflow in the cbname function in cobc/tree.c via crafted COBOL source code...

Fedora Update for lxcfs FEDORA-2019-2baa1f7b19

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2019-16088

Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc...

UBUNTU-CVE-2019-16088

Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc...

Important: Red Hat Security Advisory: kernel-rt security and bug fix update

An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

WordPress option-tree plugin injection vulnerability

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. option-tree is used in one of the theme selection building plugin. There is an injection vulnerability in the WordPress option-tre...

WordPress option-tree plugin injection vulnerability (CNVD-2019-30765)

WordPress is the WordPress Foundation's set of blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. option-tree is used in one of the theme selection building plugin. WordPress option-tree suffers from a plugin injection...